Mobility and security – do they go together?

The term The New Working Life summarises the new way of working that the employees of today and tomorrow expect of their employer. Flexibility and mobility are key words here, as private life and work merge and people work regardless of time, space and location. To succeed in creating the conditions for harmony between technology, employee and location, you cannot focus on how technology should solve all problems, it is equally important how the corporate culture and managers encourage employees to use this new way of working.
In this blog we will describe technical solutions that make “The New Working Life” possible. We will also interweave people and the business, as well as offering advice and tips.

One of the major challenges with mobility is security. In this context we often talk about Enterprise Mobility Management (EMM), but what does this mean?

When people talked about mobility in the past, the main focus was on how to manage and configure phones. The aim was to make them easy to use for users, to help them find applications to make them more productive, while at the same time locking the phones to be on the safe side.

This area has now developed to become more comprehensive. It’s not enough nowadays simply to be able to control phones, information security is now an important focus area. People have realised, in the wake of various security scandals, that data leaks can cost companies dearly. It is important to realise that in order to be able to offer users a complete mobile workplace, IT must be able to decide what to do with working documents on mobile devices, and be able to define security requirements for the devices so that users can have access to potentially business-sensitive information on them.

We talk about three areas in the field of EMM.

MDM, Mobile Device Management

MAM, Mobile Application Management

MIM, Mobile Information Management

Mobile Device Management (MDM)

MDM is a software program that companies can use to keep an inventory, lock, configure, encrypt and distribute policies and apps to mobile devices. It is simply a platform that manages a mobile device throughout its life cycle. From when the device is totally new, you can make sure that the user has the right apps, wireless network settings, email profile, etc. until a user loses it or leaves. There is also the facility to remotely delete the whole device or the parts that are company-specific.

MDM is most suitable when a device is company-owned. When users bring their own devices, there can be resistance as users do not want IT to have total control and power over the device. Fortunately there are alternatives available to deal with this scenario:

Mobile Application Management (MAM)

MAM stands for Mobile Application Management. MAM is similar to MDM in some respects, but the difference is that while MDM controls the whole device, MAM only controls specific apps. Using MAM, IT can control company-specific apps while the remaining functions in the device are managed by the user.

For example, a user can lock his or her phone without a PIN code, but if the user wants to launch an app that is managed by the company, the user has to enter a password.

MAM can allow IT to delete and encrypt only the information stored by company apps. IT can only see and control what users do in company apps, nothing else.

Examples of limitations you can define are to copy/paste between apps and to print.

Mobile Information Management (MIM)

If you then take this one step further, you start to talk about MIM. The idea is that you define policies and rules for your information at file level and manage security for each document. Instead of locking the whole device (MDM) or having company apps managed via MAM, you can use the same app both privately and at work, and it is the information itself that determines what you can do.

EMM according to Microsoft

A year or so ago, Microsoft’s new CEO Satya Nadella presented Microsoft’s new strategy “Mobile First, Cloud First”, in which he set out Microsoft’s new direction. They are investing in mobility and cloud services, and Microsoft has spent huge sums on the development of its services. Taking the new strategy as a guide, the decision was made, instead of setting up the SCCM infrastructure in Azure and calling it a cloud service, to start from scratch with a blank piece of paper, creating an architecture based entirely on Azure Service Fabric. This makes the service scalable, easy to develop and updatable on an ongoing basis.

This has produced results, as seen in the latest “Magic Quadrant for Enterprise Mobility Management Suites” from Gartner, where Microsoft has moved into the “Visionaries Quadrant” in a very short time. You can find the Gartner report here.
Microsoft’s EMM solution is called EMS (Enterprise Mobility Suite). EMS actually consists of three products packaged under one licence. Azure Active Directory, which managed identities in the cloud, Intune, which is responsible for MDM/MAM, and Azure Rights Management Services, which protects the information (MIM).

Microsoft focuses a lot on “Multi-identity” in its apps, giving the user the facility to differentiate his or her private data from work data in apps, and IT only looks after job-related data. This is integrated into, for example, Microsoft Office for iOS or Android, but more manufacturers will be integrating this functionality into their applications. There is also an AppWrapper SDK, where companies themselves can build in functionality into their proprietary apps.

We believe that the challenges posed by this are to be able to guarantee that the infrastructure and the company’s data are protected. Being able to balance risk against usability. To avoid being left behind, people must start looking at their mobile strategy and, as a first step, integrate their identities into the cloud.

In the next blog we’ll take a look at what Windows 10 means for your company.

There’s a lot happening in the field of Enterprise Mobility, so if you feel unsure about how to proceed, contact us at Enfo Zipper for a more detailed discussion about how you can help your business facilitate “The New Working Life”.